Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company’s disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
Following Mozilla’s decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team’s Bodo Möller stated at the time: “In the coming months, we hope to remove support for SSL 3.0 completely from our client products.”
Google explains website administrators should take note of these upcoming changes:
SSLv3-fallback is only needed to support buggy HTTPS servers. Servers that correctly support only SSLv3 will continue to work (for now) but some buggy servers may stop working. The answer in these cases is to fix the server — TLS 1.0 is nearly 15 years old at this point.
The fallback option is already disabled in Chrome’s newer non-stable versions (the Canary, Dev, and Beta channels for those who follow the browser’s development). Google says it has run out of time to translate a specific error message into all the languages Chrome supports. As such, when the browser encounters a buggy server, it will display a generic error message, and toggling the Details option will show ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION.
Currently, Google also plans to disable SSL 3.0 completely in Chrome 40, though it hints that may be delayed if too many compatibility issues arise. In the meantime, Chrome 39 will show a yellow badge over the lock icon for SSL 3.0 sites, which will need to be updated to at least TLS 1.0 before Chrome 40 is released (developers can run Chrome with --ssl-version-min=tls1 in order to test their sites).
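The same check the article suggests (confirming that a site negotiates TLS 1.0 or later once the SSL 3.0 fallback is gone) can also be run from a shell against a server you operate. The script below is an added example, not Google's code or anything from the article; it assumes the openssl command-line tool is installed and parses the session summary that openssl s_client prints (the Protocol and Cipher lines, with a cipher of 0000 meaning the handshake failed). It does not exercise Chrome's own fallback logic, so the definitive test remains running Chrome with --ssl-version-min=tls1.

```shell
#!/bin/sh
# Added example (not from the article): emulate what Chrome 39 will do for a
# site, i.e. refuse to fall back to SSL 3.0 and require at least TLS 1.0.
# Assumes the openssl CLI is installed; host and port are supplied by the caller.

# Read openssl s_client output on stdin and print the negotiated protocol
# (e.g. "TLSv1.2"), or "NONE" when no session was actually established.
# Older OpenSSL builds print a Protocol line even for a failed handshake but
# report the cipher as 0000, so both lines are checked.
negotiated_protocol() {
    session=$(cat)
    proto=$(printf '%s\n' "$session" | sed -n 's/^ *Protocol *: *\([A-Za-z0-9.]*\).*/\1/p' | head -n 1)
    cipher=$(printf '%s\n' "$session" | sed -n 's/^ *Cipher *: *\([A-Za-z0-9_-]*\).*/\1/p' | head -n 1)
    if [ -z "$proto" ] || [ -z "$cipher" ] || [ "$cipher" = "0000" ]; then
        echo NONE
    else
        echo "$proto"
    fi
}

# Classify a protocol string:
#   0 = TLS 1.0 or later, fine for Chrome 39 and beyond
#   1 = SSLv3 only: yellow badge in Chrome 39, broken in Chrome 40
#   2 = no handshake at all without SSLv3 fallback (SSLv3-only or buggy server)
classify_protocol() {
    case "$1" in
        TLSv1|TLSv1.1|TLSv1.2|TLSv1.3) return 0 ;;
        SSLv3) return 1 ;;
        *) return 2 ;;
    esac
}

# Connect to host:port the way Chrome 39 will, with no SSLv3 fallback,
# and report what the server negotiated.  Usage: check_site example.com [443]
check_site() {
    host=$1
    port=${2:-443}
    out=$(openssl s_client -connect "$host:$port" -servername "$host" -no_ssl3 </dev/null 2>&1) || true
    proto=$(printf '%s\n' "$out" | negotiated_protocol)
    if classify_protocol "$proto"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "$host: negotiated $proto, fine for Chrome 39 and later" ;;
        1) echo "$host: negotiated SSLv3 only; move to TLS 1.0 or later before Chrome 40" ;;
        *) echo "$host: no TLS handshake without SSLv3 fallback; server is SSLv3-only or buggy" ;;
    esac
    return $rc
}
```

The exit status of check_site can be used directly in a loop over an inventory of hostnames, so that only the servers needing attention before Chrome 40 ships are listed.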
Enterprises can use the policy options SSLVersionMin and SSLVersionFallbackMin to set the minimum SSL/TLS version and the minimum fallback version in Chrome 39; in Chrome 40 the same settings will also be exposed via about:flags. Google plans to remove SSL 3.0 client support from Chrome’s code eventually, at which point those workarounds will no longer work, but it wouldn’t say exactly when that would be.
Speaking of timing, Chrome is updated approximately every six weeks. As we’ve noted before, Chrome 39 should arrive next month, which means Chrome 40 will arrive late this year or early in 2015.
Unlike Mozilla, Google doesn’t provide exact dates for its Chrome releases. While it’s great to see the company commit to getting rid of SSL 3.0, it’s worth noting that Mozilla reacted much faster, and its researchers weren’t even the ones to find the flaw.
Yet it’s still doing better than Microsoft, which yesterday declared it was “working to disable fallback to SSL 3.0 in IE, and disable SSL 3.0 by default in IE, and across Microsoft online services, over the coming months.” No specific IE versions or timeframes were offered, though the company did provide a temporary one-click “Fix it for me” solution.